Monthly Archive

PowerShell

PowerShell Summit Europe 2015 – – sold out

The PowerShell Summit Europe 2015 is sold out.  Please be aware that we don’t maintain a waiting list as the Summit is a benefit of  PowerShell Association membership

IPAM: 1 Installation and configuration

IPAM stands for IP Address Management. It’s a feature in Windows Server 2012 R2 that enables you manage your DHCP and DNS servers as a whole rather than at the individual service or server level.

 

Installation of IPAM follows the standard approach for any Windows feature. Note that you can install IPAM on a Domain Controller but it won’t configure. IPAM is designed to be installed on a member server.

Full details on deploying IPAM server are available from here https://technet.microsoft.com/en-us/library/hh831353.aspx

 

I’m not going to run through the full deployment and configuration – just point out some issues and where you can use PowerShell to make things easier.

 

Once the IPAM feature is installed you have to provision the IPAM server. There isn’t a separate MMC for IPAM admin – you use Server Manager.  Provisioning an IPAM server can be done manually or by GPO.  Manual seemed best for lab/experiment/initial set up as can't swap from GPO to manual. You can use Windows Internal Database (WID) or SQL Server – I used WID.

 

You then need to configure your DHCP servers, DNS servers and domain controllers. This involves a number of group membership changes, firewall rule changes and a registry setting.

 

Create a group called IPAMUG and add the IPAN server into it.

New-ADGroup -Name IPAMUG -DisplayName IPAMUG -SamAccountName IPAMUG    -Description 'IPAM management group' -GroupCategory Security -GroupScope Universal

Add-ADGroupMember -Identity IPAMUG -Members (Get-ADComputer -Identity W12R2SUS)

 

Add IPAMUG to a number of groups

Add-ADGroupMember -Identity 'Event Log Readers' -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity 'DHCP Users' -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity 'DNSAdmins' -Members (Get-ADGroup -Identity IPAMUG)

 

I also found I had to add the IPAM server to the domain Administrators group to get the DNS data to come through.

 

Modify some firewall rules

$cs = New-CimSession -ComputerName W12R2SCDC01

Enable-NetFirewallRule  -DisplayName 'Remote Service Management (RPC)' -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName 'Remote Service Management (NP-In)' -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName 'Remote Service Management (RPC-EPMAP)' -CimSession $cs -PassThru

Get-NetFirewallRule -DisplayGroup 'Remote Service Management' -CimSession $cs |
ft  DisplayName, Enabled, Direction,Profile –a

 

There are a bunch of firewall rules that need setting. You can find the full list in the TechNet documentation.

For DHCP servers create an audit share

 

New-SmbShare -Name dhcpaudit -Path 'C:\Windows\System32\dhcp' -ReadAccess 'manticore\IPAMUG'
Set-SmbShare -Name dhcpaudit -Description 'DHCP audit share for IPAM' -Force

## restart DHCP service
Get-Service -Name DHCPServer | Restart-Service -PassThru

 

Enable event log monitoring on the DNS servers

$csd = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server' -Name CustomSD |
select -ExpandProperty CustomSD
$ipamsid = (Get-ADComputer -Identity W12R2SUS | select -ExpandProperty SID).value
$csd = $csd + "(A;;0x1;;;$ipamsid)"
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server' -Name CustomSD -Value $csd –PassThru

 

I also had to manually add the IPAMUG group into the security permissions for the DNS servers. Didin’t seem to be a way to automate that bit.

 

IPAM has a PowerShell module – IpamServer – which contains lots of cmdlets:

Add-IpamAddress
Add-IpamAddressSpace
Add-IpamBlock
Add-IpamCustomField
Add-IpamCustomFieldAssociation
Add-IpamCustomValue
Add-IpamDiscoveryDomain
Add-IpamRange
Add-IpamServerInventory
Add-IpamSubnet
Disable-IpamCapability
Enable-IpamCapability
Export-IpamAddress
Export-IpamRange
Export-IpamSubnet
Find-IpamFreeAddress
Get-IpamAddress
Get-IpamAddressSpace
Get-IpamAddressUtilizationThreshold
Get-IpamBlock
Get-IpamCapability
Get-IpamConfiguration
Get-IpamConfigurationEvent
Get-IpamCustomField
Get-IpamCustomFieldAssociation
Get-IpamDatabase
Get-IpamDhcpConfigurationEvent
Get-IpamDiscoveryDomain
Get-IpamIpAddressAuditEvent
Get-IpamRange
Get-IpamServerInventory
Get-IpamSubnet
Import-IpamAddress
Import-IpamRange
Import-IpamSubnet
Invoke-IpamGpoProvisioning
Invoke-IpamServerProvisioning
Move-IpamDatabase
Remove-IpamAddress
Remove-IpamAddressSpace
Remove-IpamBlock
Remove-IpamConfigurationEvent
Remove-IpamCustomField
Remove-IpamCustomFieldAssociation
Remove-IpamCustomValue
Remove-IpamDhcpConfigurationEvent
Remove-IpamDiscoveryDomain
Remove-IpamIpAddressAuditEvent
Remove-IpamRange
Remove-IpamServerInventory
Remove-IpamSubnet
Rename-IpamCustomField
Rename-IpamCustomValue
Set-IpamAddress
Set-IpamAddressSpace
Set-IpamAddressUtilizationThreshold
Set-IpamBlock
Set-IpamConfiguration
Set-IpamCustomFieldAssociation
Set-IpamDatabase
Set-IpamDiscoveryDomain
Set-IpamRange
Set-IpamServerInventory
Set-IpamSubnet
Update-IpamServer

Now I’ve got my IPAM server up and running its time to see what I can do with it

PowerShell Summit Europe 2015–nearly sold out

There are a handful of places left for the PowerShell Summit Europe 2015. If you want to secure a place I recommend that you book very soon as we can’t extend capacity any further.

PowerShell Summit NA 2015

We’re into the last afternoon as I write this. We’ve had some amazing sessions with excellent presentations on DSC, security aspects of using PowerShell, using and manipulating data with PowerShell, PowerShellGet, Nano server, working with ACLs in PowerShell and PowerShell help.

 

This has been out third Summit and North America and probably the best. We’ve had a great audience and are planning hard for next year

PowerShell Summit NA 2015–announcements

The PowerShell Team announced some things on Monday

OneGet is now PowerShell Package Maanger

 

Next WMF 5.0 preview will become available on 30 April

 

Pester – the testing module – will be included in Windows

 

Open Source projects on Github:

DSC Resource Kit

PowerShell Script Analayzer

Virtual Studio PowerShell Plug-in

PowerShell Summit NA 2015–recordings

The recordings from PowerShell Summit NA 2015 are starting to become available on the powershell.org you tube channel.

This gives you an opportunity to watch the sessions you missed.

If you didn’t attend the Summit it gives you the opportunity to see what the Summit is like and why you should be there

PowerShell Summit NA 2015–Day 1

The third PowerShell Summit kicked off Monday 20 April with breakfast and a welcome from Don Jones and the powershell.org board.

 

The PowerShell Summit is the premier PowerShell event in the world with 3 days of  in depth PowerShell sessions delivered by the PowerShell Team, PowerShell MVPs and other acknowledged  PowerShell experts.

 

The attendees are extremely knowledgeable asking probing questions to keep the speakers on their toes.

 

DSC is a major theme with the opening sessions covering this topic -  Don Jones on resource design and Jason Helmick on using DSC to deploy IIS and PWA.

Other sessions included using DSC with Active Directory, and PowerShell for the reluctant DBA.

 

More esoteric topics included a look at PowerShell and Odata & Monitoring with PowerShell.

 

The day closed with the 140 attendees listening to Jeffrey Snover discussing the State of PowerShell – where its come from and where its going

PowerShell Summit NA 2015 speakers

Want to learn a bit more about some of the speakers at the PowerShell Summit?  Head over to the Scripting Guy blog - http://blogs.technet.com/b/heyscriptingguy/ – to see a series of posts giving you some background, and pictures, of a number of speakers.

PowerShell Europe 2015 Agenda

As has been announced registration for the PowerShell Summit Europe 2015 opens on 27 February 2015. http://powershell.org/wp/2015/02/20/powershell-summit-europe-registration/

 

Other details on the Summit can be found here:  http://powershell.org/wp/community-events/summit/powershell-summit-europe-2015/

 

The agenda for the Summit can be found on the event site for the Summit http://eventmgr.azurewebsites.net/event/home/PSEU15

Shutting down machines in parallel

My test lab is a set of virtual machines running on a Lenovo w1510 laptop. When I’ve finished working for the day I want to shut down the virtual machines and the laptop. I may have anywhere between 2 and 8 (or more) VMs running so scripting the shutdown helps a lot.

 

Machines can be shutdown independently so this is an action that is ideal for parallel execution through a workflow.

 

workflow stop-allvms {
$vms = Get-VM | where State -eq "Running" 
foreach -parallel ($vm in $vms) {
Stop-Computer -PSComputerName $vm.Name -Force -Verbose
}
}

stop-allvms

 

Get the running VMs. use foreach –parallel to run stop-computer against each VM. Notice I’ve had to change the parameter on Stop-Computer from –ComputerName to –PSComputerName

 

Another little workflow that makes life easier. I looks like workflows aren’t going to be the game changer that we originally thought but they do add some interesting options.